Friday, August 20, 2004

F-Secure's AntiVirus Research Weblog has a good article explaining one of the less publicized features of SP2. Whenever you download a file through IE, IE now creates an Alternate Data Stream (ADS) attached to that file that specifies which network zone the file came from. The idea is that if you download an executable file from an untrusted zone (i.e., the Internet) and save it on your hard drive, the system won't later let you run it unless you first click through a popup dialog acknowledging that you know it might be dangerous.

This feature only works on NTFS filesystems, so floppy disks and USB dongles are still vulnerable, but it seems like a good idea overall. Unfortunately, as this advisory points out, there are ways to get around this restriction.
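
To make the zone marker concrete, here is an added example (not from this post or the F-Secure article) that parses the stream's contents and reports whether a file would trigger the prompt. It assumes the stream is named `Zone.Identifier` and holds INI-style text with a `[ZoneTransfer]` section and a `ZoneId` key; the function names are hypothetical, and `would_prompt` is a simplification of the shell's actual policy.

```python
import configparser

STREAM = "Zone.Identifier"  # ADS name Windows uses for the zone marker
ZONES = {0: "Local Machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text):
    """Return the ZoneId from the stream's INI-style text, or None."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        # Normalise CRLF and drop a BOM before parsing.
        cp.read_string("\n".join(text.lstrip("\ufeff").splitlines()))
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None  # missing section/key or non-numeric value


def read_zone(path):
    """Read the marker from a file on NTFS (Windows); None if no stream."""
    try:
        with open(path + ":" + STREAM, encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


def would_prompt(zone_id):
    """Simplified policy (assumption): Internet (3) and Restricted (4) are untrusted."""
    return zone_id in (3, 4)


def describe(zone_id):
    """Human-readable summary for an audit listing."""
    if zone_id is None:
        return "no zone marker (not downloaded via IE, or stream lost)"
    name = ZONES.get(zone_id, "unknown zone %d" % zone_id)
    return name + (": prompt before running" if would_prompt(zone_id) else ": no prompt")


if __name__ == "__main__":
    sample = "[ZoneTransfer]\r\nZoneId=3\r\n"  # constructed stream contents
    print(describe(parse_zone_identifier(sample)))
    print(describe(None))  # what a file copied via a non-NTFS disk looks like
```

A file that has passed through a non-NTFS volume has no stream at all, so `read_zone` returns `None` for it and no prompt is predicted.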